Security Corner

Jul 31 2014   11:28PM GMT

Symantec Endpoint Protection Privilege Escalation Zero Day

Ken Harthun Ken Harthun Profile: Ken Harthun

SANS Internet Storm Center
Symantec Endpoint Protection

SEP BoxWhat do you do when the very software you depend on to keep you safe from malware has vulnerabilities? Those of us who use Symantec Endpoint Protection on our networks are pondering this dilemma. Seems that SEP is vulnerable to attack.

From the Internet Storm Center (ISC) InfoSec Handlers Diary:

The people at Offensive Security have announced that in the course of a penetration test for one of their customers they have found several vulnerabilities in the Symantec Endpoint Protection product. While details are limited, the vulnerabilities appear to permit privilege escalation to the SYSTEM user which would give virtually unimpeded access to the system.  Offensive Security has posted a video showing the exploitation of one of the vulnerabilities.

Symantec has indicated they are aware of the vulnerabilities and are investigating.

There is some irony in the fact that there are Zero Day vulnerabilities in the software that a large portion of users count on to protect their computer from malware and software vulnerabilities. The fact is that software development is hard and even security software is not immune from exploitable vulnerabilities. If there is a bright side, it appears that there are no exploits in the wild yet and that local access to the machine is required to exploit these vulnerabilities.

This is a good lesson in why layered security or security-in-depth is so important. You cannot rely only upon a single protection method.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: